Jess Pomfret takes us through an improvement to the old Get-EventLog cmdlet:
Recently I was tasked with troubleshooting an incident on a SQL Server at a certain point in the past, the issue being a high CPU alert. It’s hard (without monitoring solutions set up) to go back in time and determine what the issue is. However, one thing we can check is the windows event log to see if there was anything happening on the server at that time.
Now, you probably know that my favourite tool of choice is PowerShell, so let’s take a look at how we can use
Get-WinEventto see what was happening in the past.
Get-WinEventis the newer revamped version ofGet-EventLog, and there are two improvements I believe are worth mentioning. Firstly, with the introduction of filter parameters we can now find certain events much easier, which we’ll talk about a little later. Secondly, the performance ofGet-WinEventis much faster than using the legacy command. I believe this is due to the filtering happening at the event engine instead of within PowerShell.
Those are some rather welcome improvements.